Develop and implement the WL TW information security framework, objectives, and initiatives by align with global security team.
Lead and contribute to the development, implementation and enhancement of information security policies, standards, and procedures to ensure compliance with applicable regulations and frameworks.
Observe and evaluate potential information security risks, manage the risks by planning and conducting mediation actions.
Co-lead incident response efforts with domain expertise in the event of security incidents
Work with WL global security team to establish and maintain a robust cyber threat intelligence system, including cyber events the collection, analysis. Ensure the integration of threat intelligence into incident response processes.
Keep track of local and global information security related laws and regulations, industry standard(PCI-DSS) and best practice, internal/external(client) information security requirements. Plan and implement countermeasures accordingly to ensure the compliance.
Establish information security assessment and review mechanism. Deliver information security risk assessments and reviews of the current infrastructure, projects, new technologies, external service providers and Information Security related changes.
Be responsible of providing responses to internal/external(client) information security audit/review.
Oversee the information security maturity and propose improvement and enhancement strategies.
Coordinating the related activities required by PCI-DSS with compliance officer and be co-responsible for the annual recertification of PCI-DSS.
Stay updated on the latest trends and advancements in cyber security landscape and provide guidance to the management and other stakeholders on emerging risks.
Assist in driving security awareness and training programs to educate employees on their responsibilities and promote a culture of security awareness and compliance.
Provide information security guidance or advice to the inquiries of WL TW colleagues.
Other Preferred Knowledge And Skills
5 + years of work experience in information security management or related field. Experience in finance or payment industry, or experience in information security auditing, Security Operation Centre (SOC) is preferred.
Familiar with local and global regulations, industry standards and best practices, frameworks which apply to banking and payment industry and web/mobile applications, such as PCI DSS, ISO 27001, NIST, CIS.
Proficient knowledge of contemporary cybersecurity threats, trends, and technologies, including zero trust, firewall, SEIM,VAPT,PAM, AppSec, CloudSec, AWS/Azure Well-Architected Framework, etc
Preferred experience in Cyber Security Operations, Incident Response, Forensic Investigation, Threat Intelligence, and Vulnerability Management domains
English and Mandarin Proficiency.
Good communication skills, detail-oriented, organized, positive and active attitude and working manner with teamwork spirit.
Superior problem solving and analytical skills, capable to work independently and also be a team player.
Curiosity to security, deep understanding of emerging technologies and their potential security implications
Holds at least one of the following certifications: QSA, ISO 27001 LA (Lead Auditor), CISSP, CISM, CISA is preferred.
